mirror of
https://github.com/sasjs/core.git
synced 2025-12-11 06:24:35 +00:00
149 lines
4.5 KiB
SAS
149 lines
4.5 KiB
SAS
/**
|
|
@file mv_tokenauth.sas
|
|
@brief Get initial Refresh and Access Tokens
|
|
@details Before a Refresh Token can be obtained, the client must be
|
|
registered by an administrator. This can be done using the
|
|
`mv_registerclient` macro, after which the user must visit a URL to get an
|
|
additional code (if using oauth).
|
|
|
|
That code (or username / password) is used here to get the Refresh Token
|
|
(and an initial Access Token). THIS MACRO CAN ONLY BE USED ONCE - further
|
|
access tokens can be obtained using the `mv_gettokenrefresh` macro.
|
|
|
|
Access tokens expire frequently (every 10 hours or so) whilst refresh tokens
|
|
expire periodically (every month or so). This is all configurable.
|
|
|
|
Usage:
|
|
|
|
filename mc url
|
|
"https://raw.githubusercontent.com/sasjs/core/main/all.sas";
|
|
%inc mc;
|
|
|
|
|
|
%mv_registerclient(outds=clientinfo)
|
|
|
|
%mv_tokenauth(inds=clientinfo,code=LD39EpalOf)
|
|
|
|
A great article for explaining all these steps is available here:
|
|
|
|
https://blogs.sas.com/content/sgf/2019/01/25/authentication-to-sas-viya/
|
|
|
|
@param [in] inds= A dataset containing client_id, client_secret, and auth_code
|
|
@param [in] outds= A dataset containing access_token and refresh_token
|
|
@param [in] client_id= The client name
|
|
@param [in] client_secret= client secret
|
|
@param [in] grant_type= valid values are "password" or "authorization_code"
|
|
(unquoted). The default is authorization_code.
|
|
@param [in] code= ()
|
|
If grant_type=authorization_code then provide the necessary code here
|
|
@param [in] user= If grant_type=password then provide the username here
|
|
@param [in] pass= If grant_type=password then provide the password here
|
|
@param [in] access_token_var= (ACCESS_TOKEN)
|
|
The global macro variable to contain the access token
|
|
@param [in] refresh_token_var= (REFRESH_TOKEN)
|
|
The global macro variable to contain the refresh token
|
|
@param [in] base_uri= The Viya API server location
|
|
|
|
@version VIYA V.03.04
|
|
@author Allan Bowe, source: https://github.com/sasjs/core
|
|
|
|
<h4> SAS Macros </h4>
|
|
@li mp_abort.sas
|
|
@li mf_getplatform.sas
|
|
@li mf_getuniquefileref.sas
|
|
@li mf_getuniquelibref.sas
|
|
@li mf_existds.sas
|
|
|
|
**/
|
|
|
|
%macro mv_tokenauth(inds=mv_registerclient
|
|
,outds=mv_tokenauth
|
|
,client_id=someclient
|
|
,client_secret=somesecret
|
|
,grant_type=authorization_code
|
|
,code=
|
|
,user=
|
|
,pass=
|
|
,access_token_var=ACCESS_TOKEN
|
|
,refresh_token_var=REFRESH_TOKEN
|
|
,base_uri=#NOTSET#
|
|
);
|
|
%global &access_token_var &refresh_token_var;
|
|
|
|
%local fref1 fref2 libref;
|
|
|
|
/* test the validity of inputs */
|
|
%mp_abort(iftrue=(&grant_type ne authorization_code and &grant_type ne password)
|
|
,mac=&sysmacroname
|
|
,msg=%str(Invalid value for grant_type: &grant_type)
|
|
)
|
|
|
|
%if %mf_existds(&inds) %then %do;
|
|
data _null_;
|
|
set &inds;
|
|
call symputx('client_id',client_id,'l');
|
|
call symputx('client_secret',client_secret,'l');
|
|
if not missing(auth_code) then call symputx('code',auth_code,'l');
|
|
run;
|
|
%end;
|
|
|
|
%mp_abort(iftrue=(&grant_type=authorization_code and %str(&code)=%str())
|
|
,mac=&sysmacroname
|
|
,msg=%str(Authorization code required)
|
|
)
|
|
|
|
%mp_abort(iftrue=(
|
|
&grant_type=password and (%str(&user)=%str() or %str(&pass)=%str()))
|
|
,mac=&sysmacroname
|
|
,msg=%str(username / password required)
|
|
)
|
|
|
|
/* prepare appropriate grant type */
|
|
%let fref1=%mf_getuniquefileref();
|
|
|
|
data _null_;
|
|
file &fref1;
|
|
if "&grant_type"='authorization_code' then string=cats(
|
|
'grant_type=authorization_code&code=',symget('code'));
|
|
else string=cats('grant_type=password&username=',symget('user')
|
|
,'&password=',symget(pass));
|
|
call symputx('grantstring',cats("'",string,"'"));
|
|
run;
|
|
/*data _null_;infile &fref1;input;put _infile_;run;*/
|
|
|
|
/**
|
|
* Request access token
|
|
*/
|
|
%if &base_uri=#NOTSET# %then %let base_uri=%mf_getplatform(VIYARESTAPI);
|
|
|
|
%let fref2=%mf_getuniquefileref();
|
|
proc http method='POST' in=&grantstring out=&fref2
|
|
url="&base_uri/SASLogon/oauth/token"
|
|
WEBUSERNAME="&client_id"
|
|
WEBPASSWORD="&client_secret"
|
|
AUTH_BASIC;
|
|
headers "Accept"="application/json"
|
|
"Content-Type"="application/x-www-form-urlencoded";
|
|
run;
|
|
/*data _null_;infile &fref2;input;put _infile_;run;*/
|
|
|
|
/**
|
|
* Extract access / refresh tokens
|
|
*/
|
|
|
|
%let libref=%mf_getuniquelibref();
|
|
libname &libref JSON fileref=&fref2;
|
|
|
|
/* extract the tokens */
|
|
data &outds;
|
|
set &libref..root;
|
|
call symputx("&access_token_var",access_token);
|
|
call symputx("&refresh_token_var",refresh_token);
|
|
run;
|
|
|
|
|
|
libname &libref clear;
|
|
filename &fref1 clear;
|
|
filename &fref2 clear;
|
|
|
|
%mend mv_tokenauth; |